change secrets on deploy

idp/pkg/config/config.go

@@ -28,6 +28,21 @@ type HTTP struct {
 	TLS     bool
 }
 
+// Ldap defines the available LDAP configuration.
+type Ldap struct {
+	URI               string
+	BindDN            string
+	BindPassword      string
+	BaseDN            string
+	Scope             string
+	LoginAttribute    string
+	EmailAttribute    string
+	NameAttribute     string
+	UUIDAttribute     string
+	UUIDAttributeType string
+	Filter            string
+}
+
 // Service defines the available service configuration.
 type Service struct {
 	Name      string
@@ -51,14 +66,15 @@ type Asset struct {
 
 // Config combines all available configuration parts.
 type Config struct {
-	File     string
-	Log      Log
-	Debug    Debug
-	HTTP     HTTP
-	Tracing  Tracing
-	Asset    Asset
-	IDP bootstrap.Config
-	Service  Service
+	File    string
+	Log     Log
+	Debug   Debug
+	HTTP    HTTP
+	Tracing Tracing
+	Asset   Asset
+	IDP     bootstrap.Config
+	Ldap    Ldap
+	Service Service
 }
 
 // New initializes a new configuration with or without defaults.

idp/pkg/flagset/flagset.go

@@ -150,6 +150,83 @@ func ServerWithConfig(cfg *config.Config) []cli.Flag {
 			EnvVars:     []string{"IDP_IDENTITY_MANAGER"},
 			Destination: &cfg.IDP.IdentityManager,
 		},
+		&cli.StringFlag{
+			Name:        "ldap-uri",
+			Value:       "ldap://localhost:9125",
+			Usage:       "URI of the LDAP server (glauth)",
+			EnvVars:     []string{"IDP_LDAP_URI"},
+			Destination: &cfg.Ldap.URI,
+		},
+		&cli.StringFlag{
+			Name:        "ldap-bind-dn",
+			Value:       "cn=idp,ou=sysusers,dc=example,dc=org",
+			Usage:       "Bind DN for the LDAP server (glauth)",
+			EnvVars:     []string{"IDP_LDAP_BIND_DN"},
+			Destination: &cfg.Ldap.BindDN,
+		},
+		&cli.StringFlag{
+			Name:        "ldap-bind-password",
+			Value:       "idp",
+			Usage:       "Password for the Bind DN of the LDAP server (glauth)",
+			EnvVars:     []string{"IDP_LDAP_BIND_PASSWORD"},
+			Destination: &cfg.Ldap.BindPassword,
+		},
+		&cli.StringFlag{
+			Name:        "ldap-base-dn",
+			Value:       "ou=users,dc=example,dc=org",
+			Usage:       "LDAP base DN of the oCIS users",
+			EnvVars:     []string{"IDP_LDAP_BASE_DN"},
+			Destination: &cfg.Ldap.BaseDN,
+		},
+		&cli.StringFlag{
+			Name:        "ldap-scope",
+			Value:       "sub",
+			Usage:       "LDAP scope of the oCIS users",
+			EnvVars:     []string{"IDP_LDAP_SCOPE"},
+			Destination: &cfg.Ldap.Scope,
+		},
+		&cli.StringFlag{
+			Name:        "ldap-login-attribute",
+			Value:       "cn",
+			Usage:       "LDAP login attribute of the oCIS users",
+			EnvVars:     []string{"IDP_LDAP_LOGIN_ATTRIBUTE"},
+			Destination: &cfg.Ldap.LoginAttribute,
+		},
+		&cli.StringFlag{
+			Name:        "ldap-email-attribute",
+			Value:       "mail",
+			Usage:       "LDAP email attribute of the oCIS users",
+			EnvVars:     []string{"IDP_LDAP_EMAIL_ATTRIBUTE"},
+			Destination: &cfg.Ldap.EmailAttribute,
+		},
+		&cli.StringFlag{
+			Name:        "ldap-name-attribute",
+			Value:       "sn",
+			Usage:       "LDAP name attribute of the oCIS users",
+			EnvVars:     []string{"IDP_LDAP_NAME_ATTRIBUTE"},
+			Destination: &cfg.Ldap.NameAttribute,
+		},
+		&cli.StringFlag{
+			Name:        "ldap-uuid-attribute",
+			Value:       "uid",
+			Usage:       "LDAP UUID attribute of the oCIS users",
+			EnvVars:     []string{"IDP_LDAP_UUID_ATTRIBUTE"},
+			Destination: &cfg.Ldap.UUIDAttribute,
+		},
+		&cli.StringFlag{
+			Name:        "ldap-uuid-attribute-type",
+			Value:       "text",
+			Usage:       "LDAP UUID attribute type of the oCIS users",
+			EnvVars:     []string{"IDP_LDAP_UUID_ATTRIBUTE_TYPE"},
+			Destination: &cfg.Ldap.UUIDAttributeType,
+		},
+		&cli.StringFlag{
+			Name:        "ldap-filter",
+			Value:       "(objectClass=posixaccount)",
+			Usage:       "LDAP filter of the oCIS users",
+			EnvVars:     []string{"IDP_LDAP_FILTER"},
+			Destination: &cfg.Ldap.Filter,
+		},
 		&cli.StringFlag{
 			Name:        "transport-tls-cert",
 			Value:       "",

idp/pkg/service/v0/service.go

@@ -38,7 +38,7 @@ func NewService(opts ...Option) Service {
 		assets.Config(options.Config),
 	)
 
-	if err := initKonnectInternalEnvVars(); err != nil {
+	if err := initKonnectInternalEnvVars(&options.Config.Ldap); err != nil {
 		logger.Fatal().Err(err).Msg("could not initialize env vars")
 	}
 
@@ -110,26 +110,24 @@ func createConfigsIfNotExist(assets http.FileSystem, ocisURL string) error {
 }
 
 // Init vars which are currently not accessible via idp api
-func initKonnectInternalEnvVars() error {
+func initKonnectInternalEnvVars(ldap *config.Ldap) error {
 	var defaults = map[string]string{
-		"LDAP_URI":                 "ldap://localhost:9125",
-		"LDAP_BINDDN":              "cn=idp,ou=sysusers,dc=example,dc=org",
-		"LDAP_BINDPW":              "idp",
-		"LDAP_BASEDN":              "ou=users,dc=example,dc=org",
-		"LDAP_SCOPE":               "sub",
-		"LDAP_LOGIN_ATTRIBUTE":     "cn",
-		"LDAP_EMAIL_ATTRIBUTE":     "mail",
-		"LDAP_NAME_ATTRIBUTE":      "sn",
-		"LDAP_UUID_ATTRIBUTE":      "uid",
-		"LDAP_UUID_ATTRIBUTE_TYPE": "text",
-		"LDAP_FILTER":              "(objectClass=posixaccount)",
+		"LDAP_URI":                 ldap.URI,
+		"LDAP_BINDDN":              ldap.BindDN,
+		"LDAP_BINDPW":              ldap.BindPassword,
+		"LDAP_BASEDN":              ldap.BaseDN,
+		"LDAP_SCOPE":               ldap.Scope,
+		"LDAP_LOGIN_ATTRIBUTE":     ldap.LoginAttribute,
+		"LDAP_EMAIL_ATTRIBUTE":     ldap.EmailAttribute,
+		"LDAP_NAME_ATTRIBUTE":      ldap.NameAttribute,
+		"LDAP_UUID_ATTRIBUTE":      ldap.UUIDAttribute,
+		"LDAP_UUID_ATTRIBUTE_TYPE": ldap.UUIDAttributeType,
+		"LDAP_FILTER":              ldap.Filter,
 	}
 
 	for k, v := range defaults {
-		if _, exists := os.LookupEnv(k); !exists {
-			if err := os.Setenv(k, v); err != nil {
-				return fmt.Errorf("could not set env var %s=%s", k, v)
-			}
+		if err := os.Setenv(k, v); err != nil {
+			return fmt.Errorf("could not set env var %s=%s", k, v)
 		}
 	}